Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Issue #1201452 by Heine, mgifford: Potential Vulnerability In DatabaseConnection_mysql

8.0.x
Alex Pott 2014-11-21 23:26:19 +00:00
parent 616b2ac464
commit ca38ade68c
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
core/lib/Drupal/Core/Database/Driver/mysql/Connection.php
View File

@ -61,6 +61,10 @@ class Connection extends DatabaseConnection {
// Default to TCP connection on port 3306.
$dsn = 'mysql:host=' . $connection_options['host'] . ';port=' . (empty($connection_options['port']) ? 3306 : $connection_options['port']);
}
// Character set is added to dsn to ensure PDO uses the proper character
// set when escaping. This has security implications. See
// https://www.drupal.org/node/1201452 for further discussion.
$dsn .= ';charset=utf8';
if (!empty($connection_options['database'])) {
$dsn .= ';dbname=' . $connection_options['database'];
}